METHOD AND APPARATUS FOR PROVING SYSTEM PROPERTIES 



BACKGROUND OF THE INVENTION 

FIELD OF THE INVENTION 

The present invention relates to a method and apparatus for 
reducing the complexity of a representation of a hardware system. 

DESCRIPTION OF THE PRIOR ART 

The first stage in synthesizing and proving the properties 
of a system is a compilation process in which the system is 
modelled by representation as a set of functions comprising :- 

a first subset of functions which determines the value of 
system outputs as a function of system inputs, system states 
represented by state bits, and internal signals; 

a second subset of functions which determines the values of 
state bits on the next clock cycle as a function of system 
inputs, system states represented by state bits, and internal 
signals; and 

a third subset of functions which determines the values of 
internal signals as a function of system inputs, system states, 
and internal signals.

To enable or accelerate formal proof of the system and its 
properties, internal signals may be eliminated from the system 
model by substituting them into the functions which refer to 
them. In the course of this substitution, the representation of 
the model may become extremely large. If this occurs, it is 
possible to detect an explosion in the size of the representation 
and to suspend the substitution process while restructuring the 
representation to seek a reduction in size. 

Typically in a compilation process, static relationships 
between signals in the system model can be destroyed by dynamic 
restructuring operations. This can lead to a further explosion 
later during the substitution process.

It would be advantageous to take static relationships into
account during the dynamic restructuring process. 

One technique of representing functions and internal signals
is by the use of binary decision diagrams (BDDs). A binary
decision diagram is a representation of a digital function which
contains the information necessary to implement the function.
The diagram is a tree-like structure having a root and plural
nodes, where the root represents the digital function and the
nodes are labelled with variables. Each node has two branches,
one representing the assertion that the variable labelling the
node is 1, and the other representing the assertion that the
variable labelling the node is 0. In a BDD, "ordering" relates
to the order in which variable names are encountered during
traversal of the graph. Better orderings result in fewer nodes
in the graph.

SUMMARY OF THE INVENTION 

According to a first aspect of the present invention, there 
is provided a method for selecting an order in which to sift 
variables in a binary decision diagram comprising :- 

arranging the variables of a binary decision diagram on the 
nodes of a graph in which the nodes are labelled with the 
variables of the system such that the set of functions labelling 
leaves reachable from a node, correspond to the set of functions 
which depend on the variables labelling the node; and 

traversing the graph in a depth first manner, thereby to 
produce a list of said labels in said selected order. 

According to a second aspect of the present invention there 
is provided apparatus for selecting an order in which to sift 
variables in a binary decision diagram comprising a first store 
storing bits representing the variables of the binary decision 
diagram; 

a second store; and 

a processor adapted to arrange the said variables of said
binary decision diagram in a representation of the nodes of a
graph in which the nodes are labelled with the variables such
that the set of functions labelling leaves reachable from a node
corresponds to the set of functions which depend on the variables
labelling the node; and to

traverse the graph in a depth-first manner such that said
processor means outputs to said second store a list of said
labels in said selected order.

According to a third aspect of the present invention there 
is provided a method for restructuring a binary decision diagram 
representative of a hardware system, comprising: - 

arranging the variables of a binary decision diagram on the 
nodes of a graph in which the nodes are labelled with the 
variables of the system such that the set of functions labelling 
leaves reachable from a node corresponds to the set of functions 
which depend on the variables labelling the node; and 

traversing the graph in a depth-first manner to produce a
list of said labels in a selected order;

using said selected order, controlling sifting each
variable.

Preferably said variables are sifted one-by-one to a deepest
best location. Advantageously said variables are sifted one-by-one
in said selected order to a deepest best location followed
by sifting in reverse order to a shallowest best location.

According to a fourth aspect of the present invention there 
is provided apparatus for restructuring a binary decision diagram 
comprising : - 

storage circuitry for storing bits representative of a set 
of functions as binary decision diagrams having a plurality of 
nodes labelled by variables; 

a processor for detecting a number of nodes of said binary 
decision diagram, and in response to such detection, arranging 
the variables of said binary decision diagram on the nodes of a 
graph in which the nodes are labelled such that the set of
functions labelling leaves reachable from a node corresponds to
the set of functions which depend on the variables labelling the
node, traversing the graph in a depth-first fashion to produce
a list of labels in a selected order and using said selected
order, controlling sifting of variables of said binary decision
diagrams;

wherein said sifted binary decision diagram is written by 
said processor to said storage. 

According to a fifth aspect of the present invention there 
is provided a method for proving the properties of a hardware 
system comprising: - 

representing said system as binary decision diagrams having 
a plurality of nodes labelled by variables; 

substituting functions which determine variables of internal
signals;

arranging the variables of a binary decision diagram on the 
nodes of a graph in which the nodes are labelled with the 
variables of the system such that the set of functions labelling 
leaves reachable from a node corresponds to the set of functions 
which depend on the variables labelling the node; and 

traversing the graph in a depth-first manner to produce a
list of said labels in a selected order;

using said selected order, controlling sifting each
variable.

According to a sixth aspect of the present invention there 
is provided apparatus for proving the properties of a hardware 
system comprising: 

storage circuitry for storing bits representative of a set 
of functions which represent the hardware system as binary 
decision diagrams having a plurality of nodes labelled by 
variables;

processor means for substituting functions which determine 
the values of internal signals into the set of functions 
representing said system and detecting an increase in the number 
of nodes of said binary decision diagram, and, in response to
such detection arranging the variable of said binary decision
diagram on the nodes of a graph in which the nodes are labelled 
with the variables of the system such that the set of functions 
labelling leaves reachable from a node corresponding to the set 
of functions which depend on the variables labelling the node, 
traversing the graph in a depth-first fashion to produce a list 
of labels in said selected order, and using said selected order 
controlling sifting of the variables of said binary decision 
diagram; and 

further comprising a second store, wherein said sifting
binary decision diagram is written by said processor to said
second store.

Preferably said number is a threshold derived from an
original number of nodes.

Alternatively said number of nodes is the number of nodes
which branches on a predetermined variable.

Alternatively said number is an absolute number. 

BRIEF DESCRIPTION OF THE DRAWINGS 

An embodiment of the present invention will now be described 
with respect to the following drawings in which :- 

Figure 1 shows a binary decision diagram for the function

f = x OR y;

Figure 2 shows a logical diagram of a multiplexer;

Figure 3 shows a binary decision diagram for the equation

b_i = NOT (a_i AND s_i);

Figure 4 shows the binary decision diagram for the equation

d = NOT (b_1 AND b_2 AND ... b_n);

Figure 5 is an optimally ordered substitution of the
equations of Figures 3 and 4;

Figure 6 shows a graph of relationships between the
variables of the multiplexer of Figure 2; and

Figure 7 shows an example of apparatus arranged to
implement an embodiment of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS 

A Binary Decision Diagram (hereinafter referred to as a BDD)
is a directed acyclic graph representative of a Boolean function
as a decision procedure based on the variables on which it
depends. For instance, for the function:-

f = x OR y,

f can be implemented by the decision procedure "if x then
true else if y then true else false". Each of the
"if...then...else..." constructs of this decision procedure can
be represented as a node in a graph.

Referring to Figure 1, the first node 1 is labelled with the
variable x and there are two branches from this first node, one
11 is "true" and the other 12 is "if y then true else false".
This other branch 12 leads to a second node 2 which is labelled
with the variable y, which in turn has two branches 21, 22 of
which one is "true" and the other is "false".

It will be understood that although the nodes 1 and 2 are
described above as being labelled with variables, nevertheless
these labels could in fact refer to functions which upon
evaluation would give rise to the logical values "true" or
"false".

Referring now to Figure 2, a multiplexer consists of a first
set of n NAND gates 10_1-10_n, each gate having two respective
inputs a_1-a_n, s_1-s_n. The output lines b_1-b_n of the gates are
connected to an n-input NAND gate 20 having an output d.

Thus, in terms of a system as described in the preamble to
this patent application, the multiplexer of Figure 2 has system
inputs (a_1-a_n, s_1-s_n), internal signals (b_1-b_n) and a system
output (d). The output d is related to the internal signals
b_1-b_n by the equation:-

d = NOT (b_1 AND b_2 AND ... b_n)

and each internal signal b_i to the respective inputs a_i and s_i by
the equation

b_i = NOT (a_i AND s_i)

Thus,

d = (a_1 AND s_1) OR (a_2 AND s_2) OR ... (a_n AND s_n)

Referring to Figure 3 the relationship b_i = NOT (a_i AND s_i)
is shown as a binary decision diagram.

Figure 4 shows the binary decision diagram representation
of the expression for d in terms of the internal signals b.

By inspection, there are 3n variables (a_i, s_i and b_i) and
there are thus (3n)! apparently equally good orderings possible.
However, by inspection of the overall equation for the device it
would be seen that a_1 and s_1 are associated together, a_2 and s_2
are associated together and so on, which means that there are in
fact only n! orderings which are optimal for the entire system.

An advantage of the present invention is that it enables 
more information about the system as a whole to be taken into 
account when performing operations which would otherwise not take 
this information into account. Failing to take the information 
into account can result in following paths which do not lead to 
a solution, or which are highly inefficient in reaching the 
solution.

Figure 5 shows a binary decision diagram for the multiplexer
of Figure 2 in which the respective pairs of inputs are 
associated together. 

The size of a binary decision diagram is sensitive to the
order in which the variables are inspected, and efficient BDD
reordering is very important. One algorithm for reordering is
"sifting", wherein each variable is taken in turn and the best
position of it is found by trying it in every possible position
of the BDD. It is then necessary to decide which variable to
take first. A known and frequently successful tool for doing this
is to rank the variables according to which variable labels the
greatest number of nodes and then to sift in the order of
ranking.

In the present BDD, it is clear that each variable labels 
a single node and thus it would not be possible using known 
techniques to identify a highest ranking variable. 
Conventionally, in such a situation, an arbitrary order for 
sifting would be used. 

The present invention makes use of a function graph which 
is traversed to determine an order for sifting. 

As used herein, a function graph is a directed acyclic graph
where the leaves are labelled with functions and the nodes are
labelled with sets of variables (non-empty). The only
restriction put on this graph is that a variable which is in the
set labelling a node is in the "cone" of all the functions at the
leaves below it and no others. This restriction plus the fact
that the sets of variables must be non-empty, is enough to ensure
that the graph is unique. The "cone" of a function is herein
defined to be all those variables on which a function depends,
either directly or through the intermediate signals on which it
depends.

Using a function graph to define an ordering of the
variables in a BDD to minimise its size may be related to the
register allocation technique used in software compilation in
that the ordering of the variables is derived from a traversal
of the function graph in such a way that no node is visited
before all of its predecessors have been visited, but each node
is visited as soon as all its predecessors have been visited,
unless there is a race between more than one node, in which case
one of the competing nodes is chosen and its subgraphs traversed
first.

Figure 6 shows a function graph for the multiplexer of
Figure 2 having a root labelled by b_1-b_n, intermediate nodes
labelled by a_1, s_1, a_2, s_2 ... a_n, s_n and leaves as shown.
Traversing this function graph from the top down gives the order:-

b_1, b_2 ... b_n, a_1, s_1, a_2, s_2 ... a_n, s_n

By using this order which is derived from static information 
of the system, the binary decision diagrams of (in this case) 
Figures 1, 3 and 4 are sifted to provide an optimal order. This 
order is that represented by Figure 5. 

It should be noted that substitution may be effected without
restructuring the BDD, while monitoring the size of the BDD. If
an explosion in BDD size is detected, sifting is then effected
on the basis of the order provided by the present invention.
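
Added example (not part of the patent text): a small Python sketch that
counts reduced ordered BDD nodes for the multiplexer output d under two
variable orders and then sifts the poor order, taking variables in the
traversal order given above. Assumptions: the helper names are
illustrative, the b_i are already substituted out (so the order is
restricted to a_i, s_i, written a1, s1, ...), and the BDD is built by
brute force, which is only practical for small n.

```python
"""Added example: ROBDD size of the multiplexer output d under different
variable orders, plus the sifting step described in the text."""

def mux_output(n):
    """d = NOT(b_1 AND ... AND b_n) with b_i = NOT(a_i AND s_i) substituted in."""
    def d(env):
        b = [not (env[f"a{i}"] and env[f"s{i}"]) for i in range(1, n + 1)]
        return not all(b)
    return d

def robdd_size(func, order):
    """Count the internal nodes of the reduced ordered BDD of func.

    Brute-force Shannon expansion over every assignment (2**len(order)
    evaluations), so only suitable for the small n used here.
    """
    unique = {}  # (var, low, high) -> node id; terminals are False / True

    def build(level, env):
        if level == len(order):
            return bool(func(env))
        var = order[level]
        low = build(level + 1, {**env, var: False})
        high = build(level + 1, {**env, var: True})
        if low == high:  # both branches agree: the test on var is redundant
            return low
        # ids start at 2 so they never compare equal to the terminals 0/1
        return unique.setdefault((var, low, high), len(unique) + 2)

    build(0, {})
    return len(unique)

def interleaved(n):
    """a1, s1, a2, s2, ...: the traversal order with the b_i left out."""
    return [f"{p}{i}" for i in range(1, n + 1) for p in "as"]

def separated(n):
    """a1..an, s1..sn: each pair of associated inputs kept far apart."""
    return [f"a{i}" for i in range(1, n + 1)] + [f"s{i}" for i in range(1, n + 1)]

def sift(func, order, sift_order):
    """Take each variable in sift_order in turn and move it to its best
    position, preferring the deepest among equally small results."""
    order = list(order)
    for var in sift_order:
        rest = [v for v in order if v != var]
        candidates = [rest[:i] + [var] + rest[i:] for i in range(len(order))]
        order = min(candidates, key=lambda o: (robdd_size(func, o), -o.index(var)))
    return order

if __name__ == "__main__":
    for n in range(1, 6):
        d = mux_output(n)
        print(n, robdd_size(d, interleaved(n)), robdd_size(d, separated(n)))
    d = mux_output(3)
    result = sift(d, separated(3), interleaved(3))
    print(result, robdd_size(d, result))
```

With the associated inputs adjacent the node count grows as 2n, while
the separated order grows as 2^(n+1) - 2, which is the kind of explosion
the size monitoring described above is meant to catch.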

Figure 7 shows an example of apparatus arranged to implement
an embodiment of the present invention. A first storage
circuitry 30 stores data representative of the variables of a
binary decision diagram.

The first storage circuitry has an input 32 for receiving 
the variables. The output 34 of the first storage circuitry is 
coupled to an input of a processor 40. The processor receives 
the variables via the output 34 of the first storage circuitry 
and consults a function graph by arranging the variables in a 
representation of the nodes of the graph such that the nodes are
labelled with the variables so that the set of functions
labelling leaves reachable from a node corresponds to the set of
functions which depend on the variables labelling the node, as
shown in Figure 6. The processor then traverses the graph in a
depth-first manner, as indicated in Figure 6 by the arrow, to
construct a list of the labels in a selected order. The list is
output from the processor via output 44 which is coupled to the
input 52 of second storage circuitry.

While the invention has been previously shown and described 
with reference to a preferred embodiment, it will be understood 
by those skilled in the art that various changes in form and 
detail may be made therein without departing from the spirit and 
scope of the invention.

What is claimed is:-

1. A method for selecting an order in which to sift variables 
in a binary decision diagram comprising :- 

arranging the variables of a binary decision diagram on the 
nodes of a graph in which the nodes are labelled with the 
variables of the system such that the set of functions labelling 
leaves reachable from a node correspond to the set of functions 
which depend on the variables labelling the node; and 

traversing the graph in a depth first manner, thereby to 
produce a list of said labels in said selected order. 

2. Apparatus for selecting an order in which to sift variables
in a binary decision diagram comprising a first store storing 
bits representing the variables of the binary decision diagram; 

a second store; and 

a processor adapted to arrange the said variables of said 
binary decision diagram in a representation of the nodes of a 
graph in which the nodes are labelled with the variables such 
that the set of functions labelling leaves reachable from a node 
corresponds to the set of functions which depend on the variables 
labelling the node; and to traverse the graph in a depth-first
manner such that said processor outputs to said second store a 
list of said labels in said selected order. 

3. A method for restructuring a binary decision diagram
representative of a hardware system, comprising :- 

arranging the variables of a binary decision diagram on the 
nodes of a graph in which the nodes are labelled with the 
variables of the system such that the set of functions labelling 
leaves reachable from a node corresponds to the set of functions 
which depend on the variables labelling the node; and 

traversing the graph in a depth-first manner to produce a
list of said labels in a selected order; 

using said selected order, controlling sifting each
variable.

4. A method as claimed in claim 3 wherein said variables are
sifted one-by-one to a deepest best location.

5. A method as claimed in claim 3 wherein said variables are
sifted one-by-one in said selected order to a deepest best
location followed by sifting in reverse order to a shallowest
best location.

6. Apparatus for restructuring a binary decision diagram 
comprising : - 

storage circuitry for storing bits representative of a set 
of functions as binary decision diagrams having a plurality of 
nodes labelled by variables; 

a processor for detecting a number of nodes of said binary 
decision diagram, and in response to such detection, arranging 
the variables of said binary decision diagram on the nodes of a 
graph in which the nodes are labelled such that the set of 
functions labelling leaves reachable from a node corresponds to 
the set of functions which depend on the variables labelling the 
node, traversing the graph in a depth-first fashion to produce
a list of labels in a selected order and using said selected
order, controlling sifting of variables of said binary decision
diagrams;

wherein said sifted binary decision diagram is written by 
said processor to said storage circuits. 

7. A method for proving the properties of a hardware system 
comprising : - 

representing said system as binary decision diagrams having 
a plurality of nodes labelled by variables; 

substituting functions which determine variables of internal
signals;

arranging the variables of a binary decision diagram on the 
nodes of a graph in which the nodes are labelled with the 
variables of the system such that the set of functions labelling 
leaves reachable from a node corresponds to the set of functions 
which depend on the variables labelling the node; and

traversing the graph in a depth-first manner to produce a
list of said labels in a selected order;

using said selected order, controlling sifting each
variable.

8. Apparatus for proving the properties of a hardware system
comprising:

storage circuitry for storing bits representative of a set 
of functions which represent the hardware system as binary 
decision diagrams having a plurality of nodes labelled by
variables;

a processor for substituting functions which determine the 
values of internal signals into the set of functions representing 
said system and detecting an increase in the number of nodes of 
said binary decision diagram, and, in response to such detection 
arranging the variable of said binary decision diagram on the 
nodes of a graph in which the nodes are labelled with the 
variables of the system such that the set of functions labelling 
leaves reachable from a node corresponding to the set of 
functions which depend on the variables labelling the node, 
traversing the graph in a depth-first fashion to produce a list
of labels in said selected order, and using said selected order 
controlling sifting of the variables of said binary decision 
diagram; and 

further comprising a second store, wherein said sifting
binary decision diagram is written by said processor to said
second store.

9. Apparatus as claimed in claim 8 wherein said number is a
threshold derived from an original number of nodes.

10. Apparatus as claimed in claim 8 wherein said number of nodes
is the number of nodes which branches on a predetermined
variable.

11. Apparatus claimed in claim 8 wherein said number is an 
absolute number.

ABSTRACT 

A method for selecting an order in which to sift variables 
in a binary decision diagram by arranging the variables of a 
binary decision diagram on the nodes of a graph, the nodes of the 
graph being labelled with the variables of the system such that 
the set of functions labelling the leaves reachable from a node 
correspond to the set of functions which depend on the variables 
labelling the node, and traversing the graph in a depth first 
manner, thereby to produce a list of the labels in the selected 
order.